RECon2005

Tools and techniques used by Reverse Engineers - by Nicolas Brulez

This is a 3 day training course presented by Nicolas Brulez. Learn to break code, unpack protected binaries, find vulnerabilities in closed source software, analyze virus infectors and much more.

Session one: 14-16 June 2005
Session two: 20-22 June 2005

Each session is limited to 15 seats. Register as soon as possible. Training attendees are required to bring a laptop and a licensed copy of IDA Pro. Seats are still available for both sessions.

Day one: Introduction to Reverse Engineering

An introduction to reverse engineering goals, tools and techniques. Topics covered will be assembly language, calling conventions, local variables, arguments, PE file format. Students will learn how to recognize high level language constructs, data structures and identify compilers. Attendees will be introduced to IDA Pro, Soft ICE and OllyDbg.

Day two: Advanced Reverse Engineering Part I

The course will cover malware analysis, PE file compressors/protectors, unpacking protected binaries, repairing redirected imports, bypassing anti-debugging code and much more. Students will be introduced to script and plugin development for various reverse engineering tools (IDA's IDC, Imprec plugins, OllyDbg scripts ). Real life Windows-based malware will be provided for reverse engineering exercices as well as some PE compressed binaries.

Day three: Advanced Reverse Engineering Part II

Various aspects of reverse engineering will be covered: closed source vulnerability research, Pocket PC reverse engineering (ARM based devices), .NET binaries, Linux ELF files and much more. We will also cover cryptography, and how to identificate the algo beeing used by programs, and how to attack it, when possible. (Weak PRNG, Small keys etc). A lot of demonstrations and exercises will be given.

Bio

Chief of Security for Digital River working on the SoftwarePassport/Armadillo protection system, Nicolas specializes in anti-reverse engineering techniques to defend against software attacks. He has been active in malware research in collaboration with various anti-virus companies. He regularly writes for the French security magazine MISC and has authored a number of papers on reverse engineering. He currently teaches assembly programming and reverse engineering in French engineering schools. Nicolas has more than 7 years of experience reverse engineering on Microsoft Windows platforms.